Note: I am reposting my response to this query sent to my personal
account to publicize this issue.

> Hello there,
>
> I downloaded the latest version of your BootCD (excellent job btw)
> and then extracted it. As i was extracting it, Norton Antivirus found
> a virus in the file and deleted it. The file that was repaired was
> the following: UltimateBootCD\ubcd32-basic\dosapps\wipecm. The virus
> that was found is called Hacktool.
>
> Your ultimate boot CD is a powerful tool and very helpful. But next
> time, clean it from viruses before uploading it to your website for
> downloads.
>
> Best Regards, Ilias Patronicolaou

This is a false alarm that was introduced in V3.0 (WIPECMOS doesn't
actually contain a virus). It was supposed to be fixed in V3.1 (via EXE
cloaking), but I accidentally left the original COM file in the CD. This
is definitely fixed in V3.2. Take a look at:

Now, why are people still reporting that V3.2 triggers a virus alert,
even when I have rechecked the ISO many times to confirm that it does
not contain WIPECMOS.COM?

I suspect people might be extracting the files in the V3.2 ISO into an
existing V3.0 or V3.1 directory. If you download the original ISO and
view using WinISO or equivalent utility, you can be sure the file
WIPECMOS.COM is not even there!

Last edited by Victor Chew on Mon May 14, 2007 6:17 am, edited 1 time in total.

Hello. I've downloaded and extracted ubcd33-full.iso for costumization. The file wipecmos.com is most definetivly in /dosapps/wipecmos directory (also checked with IsoBuster, besides extracting to an empty directory) and Norton AntiVirus reports it as a virus, or rather; that it contains the virus "hacktool".... I reckon this is a false positive, but what is the file wipecmos.com for anyway?

WIPECMOS is seen as malware by McAfee as well as Norton. I've always thought that this is because it is a program that can be used to remove BIOS passwords - at any rate, it's deliberate, not a false positive.

Victor Chew wrote:Dude, it has to be something else. The new version of WIPECMOS in UBCD
3.3 uses the .EXE format. There is no .COM file.

Hello Victor,
Dudette here. I don't even use NAV, nor care about the bug, but somewhere there should be a simple fact check. I have UBCD 3.3 (basic)downloaded on June 10, 2005 and I just reconfirmed the MD5 checksum. Looking into it (mounted with DAEMON manager) it really does have a file called wipecmos.com in the above mentioned directory. JFYI.

OK, I am stumped. I just checked again as per Michelle's instructions, and indeed WIPECMOS.COM can be found in _both_ UBCD 3.2 and UBCD 3.3. I cannot explain this discrepency, since I have checked this quite a few times, and I was quite sure this was fixed in UBCD 3.2 and up.

I apologise for this grave oversight on my part, and I will _absolutely_ fix it by UBCD 3.4, otherwise you guys can hang me by my underwear!

Victor Chew wrote:Can you confirm that's for WIPECMOS.EXE, and not WIPECMOS.COM? My version of Norton Antivirus did not flag WIPECMOS.EXE.

No, but I can check McAfee this evening. My point was more that I don't think it's a false positive, but a deliberate decision to detect. If it was a false positive, I expect McAfee would have got around to fixing it by now - I first saw it detected 7 or 8 years ago!

I just downloaded it and it is there
My Norton picked it up and deleted it

I Found an older version on a CD and it was there too
Something is not right
Maybe some one should turn this into the FEDS ECT... for Hacking
could this be the reason why systems crash ?
Could this be a way for them to HACK our systems

I do believe the Government and Microsoft is Paying $$$$$$ to report Hackers

I have made a copy of this forum and will be sending it in
Clearly they do not want to fix the problem they just blow Smoke up every ones ASS like we are Dummies
and have no clue what we are talking about
They have had Ample Time to correct the issue but clearly have NOT !!!

I Just download 4 copies of UBCD 3.3 from 4 different download sites but when I extract the exe/zip file and test for virus on the iso with my copy of ZoneAlarm Sutie tell me I have a virus called "Win95.SK" is this the fase alert as my anti-virus software is upto date the anti-virus software in ZoneAlarm Suite is from Computer Associates

I looked @ that page but I could not find out where on the iso the virus was as my anti-virus deletes it as soon as I extract it from the exe/zip file and trys to delete the exe/zip file as well so I can't burn it to disk, I can't turn off the anti-virus as I use the family pc and the software is passworded when is a fixed copy going to be available?

rola wrote:I also want to know how to solve the problem, but I found no answer.

Just ignore it, since it's not an actual problem ? :hmm:

Hammerite Compendium of Precepts, Regimens and Rules of Conduct, Vol. 113 :A stroke of thy chisel, once made, canst be undone, but a stroke thou dost not make from fear is a worse flaw.
Be not cautious - be correct.